Privacy Policy
Magnus Health Care Centre is committed to protecting the privacy of all our patients. In conjunction with the Personal Health Information Privacy Act of 2004 (PHIPA), Magnus Health Care Centre has our own privacy policy and best practices guidelines to follow. Our privacy policy is available for all staff and patients to read. If you have concerns regarding our policy, please speak with the Security Officer, or discuss them with your family doctor at your next visit.
Privacy Policy Introduction
Magnus Health Care Centre is committed to protecting the privacy of all our patients. In conjunction with the Personal Health Information Protection Act of 2004 (PHIPA), Magnus Health Care Centre has our own privacy policy and best practices guidelines to follow. Our privacy policy is available for all staff and patients to read. If you have concerns regarding our policy, please speak with the Security Officer, or discuss them with your family doctor at your next visit.
Policy Overview
It is Magnus Health Care Centre Family Health Organization's policy to protect the personal and personal health information of all our patients in accordance with legal obligations set out in Ontario's Personal Health Information Protection Act (PHIPA) and in accordance with good business practices and privacy and security best practices. This policy is reviewed annually to ensure it maintains its adherence to legislative and regulatory requirements.
1. Openness and Transparency
a) Magnus Health Care Centre Family Health Organization values patient privacy and acts to ensure that it is protected.
b) This policy has been written to capture Magnus Health Care Centre's current practices and to respond to federal and provincial requirements for the protection of personal information.
c) This policy describes how Magnus Health Care Centre collects, protects and discloses the personal information of patients and the rights of patients with respect to their personal information.
d) We are available to answer any patient questions regarding our privacy practices.
e) This policy is available for review by staff and patients.
2. Accountability
a) The physician is ultimately accountable for the protection of the health records in his/her possession.
b) Patient information is sensitive by nature. Employees and all others in the Magnus Health Care Centre who assist with or provide care are required to be aware of and adhere to the protections described in this policy.
c) The Magnus Health Care Centre has appointed a Security Officer who has the overall responsibility to manage the privacy and security program.
d) All persons in Magnus Health Care Centre who have access to personal information must attend privacy training.
3. Collection of Personal Information
We collect the following personal information:
- Identification/Contact information (name, date of birth, address, phone, email)
- Billing information (OHIP number, private insurance details)
- Health information (medical history, symptoms)
Magnus Health Care Centre will only collect the information that is required to provide care, administrate the care that is provided, and communicate with patients.
4. Use of Personal Information
Personal information collected from patients is used by the Magnus Health Care Centre for:
- Identification and contact
- Provision and continuity of care
- Health promotion and prevention
- Billing provincial health plan
- Professional requirements
- Quality assurance
- Research studies and trials
5. Disclosure of Personal Information
a) Implied consent: We assume patients have consented to share information with other health providers involved in their care.
b) Without consent: When legally required (reporting diseases, abuse, court orders, etc.)
c) Express consent: Required before disclosing to third parties (insurance companies, etc.)
d) Patients may withdraw consent, though this may impact care.
6. Office Safeguards
Security measures include:
Physical safeguards: Limited office access, locked doors, alarm systems
Technological safeguards: Password protection, firewalls, secure disposal
Administrative safeguards: Need-to-know access, confidentiality agreements
7. Communications Policy
We protect personal information in all communications:
- Telephone: Respect patient preferences for messages
- Fax: Use secure locations and pre-programmed numbers
- Email: Follow specific email security policies
- Post: Use sealed, confidential envelopes
8. Record Retention
The Magnus Health Care Centre will retain patient records as required by law:
- Minimum 10 years from last entry
- For minors, 10 years from when they reach age of majority
- Some records may be kept longer if potential claims exist
9. Secure Disposal of Information
When information is no longer required:
- Paper records: Shredded according to regulations
- Electronic records: Hard drives properly wiped, media destroyed
- Maintain disposal logs with patient name, method, supervisor
10. Patient Rights
a) Access to Information: Patients may request records with reasonable fees
b) Accuracy: Patients may request corrections to their records
c) Complaints: Patients may address concerns with their doctor or privacy commissioner
Appendix 1: Policy Breach Protocol
Steps for handling breaches:
1. Respond immediately and notify authorities
2. Contain the breach (retrieve information, secure systems)
3. Notify affected individuals
4. Investigate and implement remediation
Appendix 2: Security Best Practices
Core principles:
- Confidentiality: Only authorized access
- Integrity: Accurate and complete information
- Availability: Accessible when needed
Guidelines for:
- Printers/fax machines
- Phone communications
- Meeting areas